CVE-2023-27161

Name of the Vulnerable Software and Affected Versions Jellyfin versions up to 10.7.7

Description The issue allows attackers to access network resources and sensitive information via a crafted POST request to the /Repositories component, enabling Server-Side Request Forgery (SSRF). This can lead to unauthorized access to sensitive data.

Recommendations For Jellyfin versions up to 10.7.7, as a temporary workaround, consider restricting access to the /Repositories component until a patch is available. Avoid using the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.